Can I buy you Galaxy Buds Plus?

[koderian]

Can I buy you Galaxy Buds Plus? Will you use the Buds Plus so the app will support it?

[timschneeb]

Wow, yeah of course. I'd definitely work on adding Buds+ plus support if you are considering donating a pair to me. :)

It just depends on how you want to send them to me: send money via Paypal and I'll buy them myself or you ship them directly to me.

[koderian]

Ok! cool. I'll see what I can do

On Tue, Jun 23, 2020 at 9:22 AM Tim Schneeberger notifications@github.com wrote:

Wow, yeah of course. I'd definitely work on adding Buds+ plus support if you are considering donating a pair to me. :)

It just depends on how you want to send them to me: send money via Paypal and I'll buy them myself or you ship them directly to me.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ThePBone/GalaxyBudsClient/issues/6#issuecomment-648368779, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKTZJR54J3MQZDEA3POGNG3RYD6ILANCNFSM4OF55Y2A .

[asherperlmuter]

@koderian make a post on the galaxybuds subreddit so we can all chip in

[koderian]

Got it! What would I say? Not gonna lie, this app is VERY useful and fast

On Tue, Jun 23, 2020 at 3:56 PM asherperlmuter notifications@github.com wrote:

@koderian https://github.com/koderian make a post on the galaxybuds subreddit so we can all chip in

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ThePBone/GalaxyBudsClient/issues/6#issuecomment-648535644, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKTZJRZ6A7D7TZAR24JQSHTRYFMMLANCNFSM4OF55Y2A .

[postacik]

Hi, I've just bought a pair of Galaxy Buds+ and I'm a developer and I want to contribute to this project if you can tell me where to start.

[timschneeb]

Well, the big problem with the Buds+ is they use a different SPP protocol which makes it impossible for me to provide you with the exact steps on how to do that.

I realized that after another developer messaged me as well and asked if I could help him to implement Buds+ support by exchanging Bluetooth dumps. Since the SPP implementation of the Buds is fundamentally different from the Buds+, I dropped the idea to do "remote-debugging" with him as it would have been very time-consuming to poke around in some raw binary data when I can't even verify its validity.

You will need to reverse-engineer their RFCOMM/SPP protocol from scratch by intercepting raw incoming binary data from one of the Bluetooth channels/services (on Windows or Android). Once you have collected enough binary data you need to analyze it using a HEX-editor. You need to find out where the actual SPP messages start and end, their size, type, id, and most importantly the algorithm used to validate and generate checksums from their actual payloads (for example SHA16, CRC16, ...). After that, you'd need to go one level deeper and start reversing the actual payloads contained in those messages.

TL;DR: Unfortunately I won't be a big help for adding Buds+ support since I don't own them.

[postacik]

Thanks for the deeeeep information. What's the best tool to capture raw bluetooth communication data?

[timschneeb]

There is no suitable one. I wrote my own C# development tool (included with the manager app, it won't work with the Buds+ obviously). But writing a small Python script to receive/send from a RFCOMM socket should be enough too.

On Wed, Jun 24, 2020, 4:59 PM Ahmet Uzun notifications@github.com wrote:

Thanks for the deeeeep information. What's the best tool to capture raw bluetooth communication data?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ThePBone/GalaxyBudsClient/issues/6#issuecomment-648874416, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJE32F7HAMHBO6CQFZ7CGMDRYIIFNANCNFSM4OF55Y2A .

[superbonaci]

Wow, yeah of course. I'd definitely work on adding Buds+ plus support if you are considering donating a pair to me. :)

It just depends on how you want to send them to me: send money via Paypal and I'll buy them myself or you ship them directly to me.

I think if you add them to your Amazon's wishlist anybody can gift them to you: HOW TO USE AMAZON WISH LISTS FOR GIFTING

There are also good discounts on eBay.

@ThePBone don't quote emails please.

[superbonaci]

Thanks for the deeeeep information. What's the best tool to capture raw bluetooth communication data?

I use HCI Snoop Log from Android. If you have rooted LineageOS it's easy peasy to copy the log file from data partition. Then use Wireshark to view raw data.

[postacik]

Thanks for the deeeeep information. What's the best tool to capture raw bluetooth communication data?

I use HCI Snoop Log from Android. If you have rooted LineageOS it's easy peasy to copy the log file from data partition. Then use WireShark to view raw data.

Unfortunately I use a non rooted Samsung phone.

I want to ask another question about reverse engineering. On my phone I have the Galaxy Buds+ app installed which I think I can copy the apk to my computer and have a look at the Java code for bluetooth communications.

Would it be of any help if I could extract the Java data structures from that package?

[superbonaci]

@postacik search under Developer options for HCI Snoop Log.

Yes u can decompile apks and view the source code, with apktool or GUI tools: [TOOL][Windows] APK Easy Tool v1.57 (12 june 2020)

There are online decompilers too.

[postacik]

Thanks for the tip. I've worked with apk tools and Java decompilers before. I just wondered if @ThePBone ever tried to figure out the communication protocol by looking at the source code.

[timschneeb]

Thanks for the tip. I've worked with apk tools and Java decompilers before. I just wondered if @ThePBone ever tried to figure out the communication protocol by looking at the source code.

Yes, otherwise I wouldn't have been able to get ahold of all their message ids and parameter-information in there. I've also had a quick look at the Buds+ plugin APK disassembly to check the difference without actually having a pair.

I recommend you to use https://github.com/skylot/jadx since it is capable of disassembling Smali bytecode to more or less accurate Java code (no idea if APK Easy Tool has a dex-to-java disassembler as well, but IIRC I don't think it has one unless you want to read Smali code).

You might need to enable "Preferences > Show inconsistent code" in jadx since some parts of the SPP message handler are lost (be careful though you might end up with invalid code)

[timschneeb]

@postacik I've also uploaded my dev-tool (C#) modified for the Buds+ the other week for another dev.

I already replaced all messaged IDs with the ones for the Buds+ and also updated the SDP UUID so it should connect to the right Bluetooth interface. I don't expect it to work on the first try (crashes are expected) but you could use it as a starting point. You can find a brief description in the README.

https://github.com/ThePBone/GalaxyBudsDevTool

[timschneeb]

There are also good discounts on eBay.

That's actually a really good idea, I can't believe I haven't thought of that before. I'll see if I can get a good deal, maybe a used/refurbished pair if they aren't too expensive.

EDIT: I found a good deal and bought a pair.

[superbonaci]

Glad you found them.

[timschneeb]

This update adds support for the Buds+:

https://github.com/ThePBone/GalaxyBudsClient/releases/tag/2.0.0

[postacik]

Great news. Thanks :)

[superbonaci]

Good job.